Prevent leaking x509 and csr resources if it is not requested

All functions using php_openssl_x509_from_zval or php_openssl_csr_from_zval with makeresource equal to 0 do not deref the resource which means there is a leak till the end of the request. This can cause issues for long running apps. It is a generic solution for bug #75363 which also covers other functions.
php · Oct 30, 2017 · fc169d2 · fc169d2
1 parent d8ccffa
commit fc169d2
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
@@ -1587,10 +1587,11 @@ static X509 * php_openssl_x509_from_zval(zval * val, int makeresource, zend_reso
 		if (!what) {
 			return NULL;
 		}
-		/* this is so callers can decide if they should free the X509 */
 		if (resourceval) {
 			*resourceval = res;
-			Z_ADDREF_P(val);
+			if (makeresource) {
+				Z_ADDREF_P(val);
+			}
 		}
 		return (X509*)what;
 	}
@@ -3047,7 +3048,9 @@ static X509_REQ * php_openssl_csr_from_zval(zval * val, int makeresource, zend_r
 		if (what) {
 			if (resourceval) {
 				*resourceval = res;
-				Z_ADDREF_P(val);
+				if (makeresource) {
+					Z_ADDREF_P(val);
+				}
 			}
 			return (X509_REQ*)what;
 		}